Designing and maintaining firewall configurations is hard even for expert system administrators. Indeed, policies are made of a large number of rules and are written in low-level configuration languages that are specific to the firewall system in use. To simplify the work of system administrators, some authors of the present paper proposed in previous work a transcompilation pipeline and a tool that (i) extracts the meaning of a real configuration by representing it in tabular form; (ii) refactors a configuration by removing redundant rules; (iii) ports the policy from one firewall system to another. Here, we extend this pipeline by proposing a new characterization that models rulesets and firewalls as functions from packets to transformations. Transformations specify which packets are accepted by the firewall and how they are translated. Using this functional characterization, we propose two new algorithms that simplify the treatment of the pipeline.
|Title:||From firewalls to functions and back|
|Publication date:||2019|
|Appears in categories:||4.1 Contribution in conference proceedings|